Current security threat assessment and fraud detection programs are moving towards a risk-based approach to ensure that entitlement programs, infrastructures, data, and systems are protected from improper use or criminal activity. This risk-based approach requires a significant amount of automation of the threat assessment and fraud detection process and a solid quality assurance process that tracks the quality of a risk assessment process.
However, current risk assessment processes present several major challenges. Unstructured data sources used in the assessment process are hard to convert into a format suitable for an automated assessment. Additionally, non-standard data vocabulary and complicated data semantics are difficult to use by traditional systems such as rule-based engines. Given these challenges, much of the risk assessment processes are manually operated, accuracy rates are less than optimal, and therefore the likelihood of fraud, criminal activity, and other types of risk, increase.